Radius proxy implementation
Fajar A. Nugraha
list at fajar.net
Tue May 3 05:00:54 CEST 2011
On Tue, May 3, 2011 at 9:45 AM, doqb at hotmail.com <doqb at hotmail.com> wrote:
> Hello...
>
> I am new to freeradius and I am hoping someone can give me some help with a
> little project. The architecture is as follows:
>
> RADIUS SERVER -----------------freeRadius-----------------Radius client
>
> The radius client is sending Authentications and accounting requests to
> freeRadius.
>
> For Authentication, the freeRadius must receive the access_requests, add a
> couple of AVPs to it, and then send it to the RADIUS SERVER,
It should be possible using pre_proxy section. See
sites-available/default. You could also use unlang there.
> this server
> will respond with either accept/reject and the freeRadius must forward that
> to the client.
>
> Once authentication is done, the Radius client will start sending accounting
> messages to freeRadius. The freeRadius must count the number of octets sent
> and received (information which is inside the accounting message) and once a
> certain number of packets are reached it should trigger and access_reject to
> the Radius client.
I don't think this one is possible. What might be possible:
- store accounting info in sql
- use the information from sql to filter access-request packets in
pre-proxy and post-proxy sections. You should be able to add some
reply items (like Session-Timeout), or reject it when the user exceeds
quota
--
Fajar
More information about the Freeradius-Users
mailing list